Top menu

Uber paid off hackers in attempt to hide theft

Thursday, 23 Nov, 2017

Advertising

Popular

Trump, Putin talk Syria, N.Korea in 1-hour call
Putin told Trump that Bashar Assad confirmed his commitment to political reforms in Syria, including constitutional amendments. The congress is expected to be held in Russia's Black Sea resort of Sochi , but the date and participants are not clear yet.

Selena Gomez Debuts Blonde Hair at AMAs 2017 & We are SHOOK
You hear that? The fans are fans! If that's anything whether you respect me or not that's one thing you should know about me. After a almost year-long hiatus from performing onstage, Gomez will entertain viewers with her new song " Wolves ".

New 'A Wrinkle in Time' trailer is a real mind-bender
Ava DuVernay's adaptation of Madeleine L'Engle's 1963 book is set to visually blow our minds as we tumble through space and time. Even the trailer all on its own suggests that these three are going to be so much fun to watch.

Robert Mugabe not likely to go anytime soon
Zanu-PF also resolved to elect Mnangagwa - who was recently fired as vice president by Mugabe - as the party's new leader. Now, the ZANU-PF has given the president until mid-day Monday to resign or face impeachment.

Saudi Arabia seeks to ratchet up pressure against Iran
A senior Israeli official has said Tel Aviv has "partly covert" ties with "many Muslim and Arab countries", including Riyadh. Iran has been helping Iraq and Syria with military advisors in their fight against Daesh (IS) and other terrorist groups.

Drew Brees Led A Truly Improbable Comeback
GREEN BAY, Wis. - Baltimore's defense bent here and there, but never got close to breaking in beating Green Bay. The Saints trailed 31-16, with fewer than three minutes remaining.

Instead of reporting the incident, Uberagreed to pay the two hackers $100,000 to delete the data and keep the breach quiet.

Uber joined the likes of Google, Sony, Yahoo and Target among companies that have suffered massive data breaches from hackers in recent years. And to Khosrowshahi's credit, he responded to knowledge of the security breach with the fury of someone who wants to make it clear that this kind of thing is unacceptable, and will not be tolerated. The hack didn't penetrate Uber's corporate systems or infrastructure, he said.

The revelations emerged as newUber boss DaraKhosrowshahi, who replaced founder and former CSO Travis Kalanick after his departure in August, came clean about the company's actions after a 2016 data breach in which two external individuals had accessed data stored on a third-party cloud service that the company uses. "What I learned, particularly around our failure to notify affected individuals or regulators a year ago, has prompted me to take several actions", Khosrowshahi stated in a blog post. It was also in blue moon due to the sexual harassment case. It has been subject to federal scrutiny for its use of Greyball, a software created to mislead local regulators in order to prevent them from enforcing taxi regulations.

Should we all just assume our data is lost?

To further hide the damage, Uber executives also made it appear as if the payout had been part of a "bug bounty" - a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.

"Not only will 2018 see this mandated by GDPR [EU's General Data Protection Regulation], but it is vital to ensure that even in the wake of a breach customers do not lose total faith in a brand's ability to protect their data", he said. The SEC launched a probe into Yahoo, which is now part of Verizon Communications, and whether it disclosed its 2014 breach in a timely manner.

"Cloud services, such as AWS, are secured with SSH [secure shell] keys that are often outside the control of security teams", said Kevin Bocek, vice-president of security strategy and risk intelligence at Venafi.

Vera Jourova, the European Union commissioner in charge of data, said Uber's failure to come clean about the breach showed why the new data protection law was needed.

Because Uber is privately held, it is unlikely to be the target of an SEC investigation, David Chase, a former SEC enforcement attorney, told WSJ. In a coincidentally timed announcement shortly before Uber's hacking disclosure Tuesday, Whitman said she was stepping down as head of Hewlett Packard Enterprise Co.